Google Chrome 106 point update fixes 6 security vulnerabilities
Google released a new stable version of its Chrome web browser today. The new version of Chrome patches six different vulnerabilities in the web browser according to Google's release announcement on the official Chrome releases blog.
Chrome 106.0.5249.119 is already available for the supported desktop systems Windows, Mac and Linux. Google notes that the Extended Stable channel has been updated to the same version for Windows and Mac as well.
Most Chrome installations are updated automatically thanks to the built-in updating system. The process may take days or even weeks according to Google.
Chrome users may load chrome://settings/help to display the current version of the browser and run a manual check for updates. The browser will download and install any update that it discovers automatically.
Chrome 106.0.5249.119
Google confirms on the Chrome Releases blog that it has fixed six different vulnerabilities in the update. All six security issues have a severity rating of high, the second-highest after critical.
[$15000][1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16
[$13000][1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26
[$7500][1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22
[$2500][1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13
[$TBD][1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17
[$TBD][1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30
None of the listed security issues appear to be exploited in the wild, as Google makes no mention of it in the announcement.
The new update is the third Chrome 106 point release already. The first point release addressed three security issues in Chrome; the second, released just last week, was a mysterious release, as Google made no mention of any fixes in the announcement. Together with Chrome 106, the four releases fixed a total of 29 different security issues in Chrome.
Chrome users should update the browser as soon as possible to protect it from attacks targeting the newly patched security issues.
Expect most Chromium-based browsers to push out point updates as well in the coming days and weeks to address security issues.
Now You: when do you update your browsers?
“Use after free” memory issues, always high, just the worst. In Skia, in Permissions API, in Safe Browsing, in Peer Connection. And this year in almost everything else possible.
chromium security is a joke
Update done